source3/auth/auth_compat.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 3.0.
   4    Password and authentication handling
   5    Copyright (C) Andrew Bartlett         2001-2002
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 /****************************************************************************
  25  COMPATABILITY INTERFACES:
  26  ***************************************************************************/
  27
  28 /****************************************************************************
  29 check if a username/password is OK assuming the password is a 24 byte
  30 SMB hash
  31 return True if the password is correct, False otherwise
  32 ****************************************************************************/
  33
  34 static NTSTATUS pass_check_smb(char *smb_name,
  35                                char *domain,
  36                                DATA_BLOB lm_pwd,
  37                                DATA_BLOB nt_pwd,
  38                                DATA_BLOB plaintext_password,
  39                                BOOL encrypted)
  40
  41 {
  42         NTSTATUS nt_status;
  43         auth_usersupplied_info *user_info = NULL;
  44         extern struct auth_context *negprot_global_auth_context;
  45         auth_serversupplied_info *server_info = NULL;
  46         if (encrypted) {
  47                 make_user_info_for_reply_enc(&user_info, smb_name,
  48                                              domain,
  49                                              lm_pwd,
  50                                              nt_pwd);
  51                 nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
  52                                                                              user_info, &server_info);
  53         } else {
  54                 struct auth_context *plaintext_auth_context = NULL;
  55                 const uint8 *chal;
  56                 if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
  57                         return nt_status;
  58                 }
  59
  60                 chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
  61
  62                 if (!make_user_info_for_reply(&user_info,
  63                                               smb_name, domain, chal,
  64                                               plaintext_password)) {
  65                         return NT_STATUS_NO_MEMORY;
  66                 }
  67
  68                 nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
  69                                                                         user_info, &server_info);
  70
  71                 (plaintext_auth_context->free)(&plaintext_auth_context);
  72         }
  73         free_user_info(&user_info);
  74         free_server_info(&server_info);
  75         return nt_status;
  76 }
  77
  78 /****************************************************************************
  79 check if a username/password pair is ok via the auth subsystem.
  80 return True if the password is correct, False otherwise
  81 ****************************************************************************/
  82 BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
  83 {
  84
  85         DATA_BLOB null_password = data_blob(NULL, 0);
  86         extern BOOL global_encrypted_passwords_negotiated;
  87         BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
  88
  89         if (encrypted) {
  90                 /*
  91                  * The password could be either NTLM or plain LM.  Try NTLM first,
  92                  * but fall-through as required.
  93                  * NTLMv2 makes no sense here.
  94                  */
  95                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
  96                         return True;
  97                 }
  98
  99                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
 100                         return True;
 101                 }
 102         } else {
 103                 if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
 104                         return True;
 105                 }
 106         }
 107
 108         return False;
 109 }
 110
 111